Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp83488imm; Thu, 2 Aug 2018 23:25:49 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfXlDIhTceseoUGOlotm7IO2BMebizGl+w2qOkvogYv5EYUCgqoiuFbT0tKlfnhekTBldHy X-Received: by 2002:a17:902:1025:: with SMTP id b34-v6mr2281692pla.291.1533277549103; Thu, 02 Aug 2018 23:25:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533277549; cv=none; d=google.com; s=arc-20160816; b=I0pSl2z1vcZQzkpNx7a2DfnTGOCwNVR7LV3FsMZWSvml7Vh5T8sQQRsrmGydDa2QTo ZxXbWSeVla2kLB3sK+vlTXELRucMyvNyYZYZITbu75cz65wQ0mkfVEkziXjt/OqEyARg 1HefPpVQTZwlnA9/QxyjM/mmibnw/aZTeg4/t2HuYu3XXUMbpXJEIElTsZ2n1iMcVv60 QI0BzyoHj9qw55lBlFF3u/4M5J2ejmQ4joXt7Hlii9wxAak5iVgaMLGxT1cVAT9Ki9VD HV2joEHZBnTu9WIYub17UHfuQQu4qOJIkRhhqPrEZ6pRYpKphdeLU7zWWv8tVzzs3e+t HYkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:arc-authentication-results; bh=Izds7JVvJdixUF4RLq+46v6ey6Jd3LptorWPsAXBqJY=; b=XwbwtvjBqC4N+YN11GOgm2GRCpZmcwNxskMKwjqM4dv123dcz+g1tNVwVI0OgNueXL rSmbEERf1waMdPHLJDogeWz+mOWUxmsLTMoJwjQdAcV479ci4Owjyb2nnxkchYoScYES m9cvBi0qlweqrddPkJM20RlRNnQ20aV+wfLo/ITVcyy+x56BS2q2QXKlwzKbYsOaVehv /JfpJhuKlip+W47PGzKYeR2YmlxGavczedL1nyqPvDsmom3WS3vVOBjI21vm2jp8Ey5k p7Nv2oB8+EUN2BLAenYVlLfHZHjJKwU1yahtNVibYoez3zQo4axC+QEhO08XSjKyfCCb AbRQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n3-v6si4050265pga.298.2018.08.02.23.25.34; Thu, 02 Aug 2018 23:25:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728758AbeHCITG (ORCPT + 99 others); Fri, 3 Aug 2018 04:19:06 -0400 Received: from mx2.suse.de ([195.135.220.15]:55210 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727419AbeHCITF (ORCPT ); Fri, 3 Aug 2018 04:19:05 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 33875AFC8; Fri, 3 Aug 2018 06:24:20 +0000 (UTC) Date: Fri, 3 Aug 2018 08:24:19 +0200 From: Michal Hocko To: Jeremy Linton Cc: linux-mm@kvack.org, cl@linux.com, penberg@kernel.org, rientjes@google.com, iamjoonsoo.kim@lge.com, akpm@linux-foundation.org, vbabka@suse.cz, Punit.Agrawal@arm.com, Lorenzo.Pieralisi@arm.com, linux-arm-kernel@lists.infradead.org, bhelgaas@google.com, linux-kernel@vger.kernel.org Subject: Re: [RFC 2/2] mm: harden alloc_pages code paths against bogus nodes Message-ID: <20180803062419.GE27245@dhcp22.suse.cz> References: <20180801200418.1325826-1-jeremy.linton@arm.com> <20180801200418.1325826-3-jeremy.linton@arm.com> <20180802073147.GA10808@dhcp22.suse.cz> <5ed35dfa-5f02-55cb-9b84-b944394e1a5a@arm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5ed35dfa-5f02-55cb-9b84-b944394e1a5a@arm.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu 02-08-18 22:17:49, Jeremy Linton wrote: > Hi, > > On 08/02/2018 02:31 AM, Michal Hocko wrote: > > On Wed 01-08-18 15:04:18, Jeremy Linton wrote: > > > Its possible to crash __alloc_pages_nodemask by passing it > > > bogus node ids. This is caused by NODE_DATA() returning null > > > (hopefully) when the requested node is offline. We can > > > harded against the basic case of a mostly valid node, that > > > isn't online by checking for null and failing prepare_alloc_pages. > > > > > > But this then suggests we should also harden NODE_DATA() like this > > > > > > #define NODE_DATA(nid) ( (nid) < MAX_NUMNODES ? node_data[(nid)] : NULL) > > > > > > eventually this starts to add a bunch of generally uneeded checks > > > in some code paths that are called quite frequently. > > > > But the page allocator is really a hot path and people will not be happy > > to have yet another branch there. No code should really use invalid numa > > node ids in the first place. > > > > If I remember those bugs correctly then it was the arch code which was > > doing something wrong. I would prefer that code to be fixed instead. > > Yes, I think the consensus is that 2/2 should be dropped. > > The arch code is being fixed (both cases) this patch set is just an attempt > to harden this code path against future failures like that so that we get > some warnings/ugly messages rather than early boot failures. Hmm, this is a completely different story. We do have VM_{BUG,WARN}_ON which are noops for most configurations. It is primarily meant to be enabled for developers or special debug kernels. If you have an example when such an early splat in the log would safe a lot of head scratching then this would sound like a reasonable justification to add VM_WARN_ON(!NODE_DATA(nid)) into the page allocator, me thinks. But considering that would should get NULL ptr splat anyway then I am not really so sure. But maybe we are in a context where warning would get into the log while a blow up would just make the whole machine silent... -- Michal Hocko SUSE Labs